topic Re: different account within the scripts in Operating System - HP-UX

different account within the scripts

Jay C. Quibuloy — Mon, 24 Nov 2003 01:18:08 GMT

Hi!

Is there a way to used the other account within the scipts that will call another program and also without prompting a password.

Re: different account within the scripts

Christian Gebhardt — Mon, 24 Nov 2003 03:04:10 GMT

Hi

if you start the script as user root you can run a script without prompting a password:

<script>
su - -c
<script>

the "su -" means that you source /etc/profile and .profile, so you have the environment from the user. In this files you must not have any programs that produce an output.

Another way:

<script>
su - user <

EOFUSER
<script>

If you are not root it's not so easy.

user1 want to run a program from user2:
you need a file
/.rhosts
with entry
user1

user1 can now "login" to user2 without password:
<script>
rexec hostname -l user2
<script>
Think of security !!!

The same trick you can do with ssh and empty passphrase.

Chris

Re: different account within the scripts

doug hosking — Tue, 25 Nov 2003 05:27:31 GMT

Alternatively, you could install the 'other program' as a setuid or setgid binary using the chmod command. But as Chris suggests, there are many security issues to consider here. It's easy to give you a solution that would be functional. We would have to know a lot more about your specific environment and needs to give you something that might be acceptable from a security point of view.